
SmartLoader Malware Distributed via GitHub Repositories Disguised as Legitimate Projects Infects Users' Computers

14/08/2025

Cybersecurity researchers have uncovered a sophisticated malware distribution campaign utilizing GitHub repositories disguised as legitimate software projects.

The SmartLoader malware has been strategically deployed across multiple repositories, capitalizing on users’ trust in the popular code-sharing platform to infiltrate systems worldwide.

The malicious campaign targets users searching for game cheats, software cracks, and automation tools by positioning fraudulent repositories at the top of search results.

SmartLoader distribution site being displayed at the top of Google search results (Source – ASEC)

These repositories appear authentic, complete with professionally crafted README files, project documentation, and realistic file structures that mirror legitimate open-source projects.

The threat actors behind this operation have demonstrated remarkable attention to detail, making their malicious repositories virtually indistinguishable from genuine software projects.

Each compromised repository contains carefully constructed compressed files hosting the SmartLoader payload. When users download and execute these files, they unknowingly initiate a multi-stage infection process that establishes persistent access to their systems.

ASEC analysts identified this widespread distribution method as particularly concerning due to its exploitation of developer and gaming communities’ trust in GitHub as a reliable source for software tools.

Technical Infection Mechanism and Payload Deployment

The SmartLoader infection process begins when users execute the Launcher.cmd file, which serves as the initial attack vector.

This malicious batch file loads an obfuscated Lua script through luajit.exe, a legitimate Lua interpreter that has been weaponized for malicious purposes.

Files inside the compressed file (Source – ASEC)

The malware package consists of four core components: java.exe (the legitimate Lua loader), Launcher.cmd (malicious batch file), lua51.dll (LuaJIT runtime interpreter), and module.class (obfuscated Lua script).
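The four-file layout above can be checked before anything is extracted or run. The following Python triage is an added example, not code from ASEC or the original article; the verdict labels and the sample archive contents are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Bundle file names exactly as listed in the article, lower-cased for comparison.
BUNDLE = frozenset({"launcher.cmd", "java.exe", "lua51.dll", "module.class"})

def triage_archive(zip_bytes):
    """Map each archive directory to 'full-bundle' or 'lua-runtime-beside-java.exe'.

    Only the ZIP central directory is read; no member is extracted or executed.
    """
    names_by_dir = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            names_by_dir.setdefault(str(path.parent), set()).add(path.name.lower())

    findings = {}
    for directory, names in names_by_dir.items():
        if BUNDLE <= names:
            findings[directory] = "full-bundle"
        elif {"java.exe", "lua51.dll"} <= names:
            # A real Java launcher has no reason to ship next to a LuaJIT runtime DLL.
            findings[directory] = "lua-runtime-beside-java.exe"
    return findings

def build_sample_zip(members):
    """Build a constructed in-memory ZIP with placeholder contents (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_zip([
        "README.md",
        "Release/Launcher.cmd", "Release/java.exe",
        "Release/lua51.dll", "Release/module.class",
        "tools/java.exe", "tools/LUA51.DLL",
        "docs/usage.txt",
    ])
    for directory, verdict in triage_archive(sample).items():
        print(f"{directory}: {verdict}")
```

A name match is a triage signal only; confirm with file hashes or signature checks from the vendor report before acting on it.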

Once activated, SmartLoader establishes persistence by copying essential files to the %AppData%\ODE3 directory and registering itself in the Windows Task Scheduler as “SecurityHealthService_ODE3”.
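The persistence artifacts named above can be hunted for in a scheduled-task listing exported with `schtasks /query /fo csv /v`. This Python check is an added example, not part of the original article: the sample rows (trimmed to three columns, including the task command lines) are constructed, and the lookalike-prefix rule is an assumption that goes beyond the single task name the article reports.

```python
import csv
import io
import re

TASK_NAME = "SecurityHealthService_ODE3"   # task name given in the article
# %AppData%\ODE3 resolves to <user profile>\AppData\Roaming\ODE3
DROP_DIR = re.compile(r"\\AppData\\Roaming\\ODE3\\", re.IGNORECASE)
# Assumption beyond the article: the same prefix with another suffix is worth
# a look when the task action runs from inside a user profile.
PREFIX = re.compile(r"^SecurityHealthService", re.IGNORECASE)
USER_PROFILE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)

def flag_tasks(csv_text):
    """Return [(task_name, reasons)] for suspicious rows of a schtasks CSV listing."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["TaskName"].rsplit("\\", 1)[-1]   # drop the task folder path
        action = row["Task To Run"]
        reasons = []
        if name.lower() == TASK_NAME.lower():
            reasons.append("task-name-ioc")
        if DROP_DIR.search(action):
            reasons.append("action-in-drop-dir")
        if not reasons and PREFIX.match(name) and USER_PROFILE.search(action):
            reasons.append("lookalike-name-from-user-profile")
        if reasons:
            hits.append((name, reasons))
    return hits

# Constructed sample listing (host, user and command lines are made up).
SAMPLE = r'''"HostName","TaskName","Task To Run"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o"
"WS01","\SecurityHealthService_ODE3","C:\Users\alice\AppData\Roaming\ODE3\java.exe module.class"
"WS01","\SecurityHealthService_XYZ","C:\Users\alice\AppData\Local\Temp\run.exe"
'''

if __name__ == "__main__":
    for name, reasons in flag_tasks(SAMPLE):
        print(name, ", ".join(reasons))
```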

The malware immediately captures screenshots and system information, transmitting this data to command-and-control servers through Base64-encoded communications.

The malware’s most dangerous capability lies in its role as a loader for additional payloads.

Analysis revealed that SmartLoader downloads and executes secondary malware including Rhadamanthys infostealer, which targets sensitive information from email clients, FTP applications, and online banking services.

The malware performs process injection into legitimate Windows processes such as openwith.exe, dialer.exe, and dllhost.exe to evade detection.

Communication with C2 servers occurs through encrypted channels, with the malware receiving JSON-formatted commands containing configuration parameters and task lists.

This infrastructure allows threat actors to dynamically update malware behavior and deploy additional payloads based on the infected system’s characteristics.

This campaign highlights the critical importance of verifying software sources and examining repository credibility, commit history, and author authenticity before downloading any GitHub-hosted applications, particularly those related to game modifications or software cracks.

Source: cybersecuritynews.com
